Flawed online banking software gave hackers opportunity to steal personal data
Banking apps used by millions of customers contained a flaw that left them vulnerable to hackers.
Researchers found that online criminals would have been able to fool apps from HSBC, Natwest, Co-op bank and others into revealing personal details. The Birmingham University team said they did not know whether customers were actively hacked as a result of the flawed apps, which have now been updated and are secure. They found that an attacker connected to the same network as an app user, such as via Wi-fi or a corporate network, could retrieve the user’s credentials including username, password and pin code. Dr Tom Chothia, who led the research, said: “It’s impossible to tell if these vulnerabilities were exploited but attackers could have got access to the banking app of anyone connected to a compromised network.”